Cipher
Test suite that validates the use of one or multiple ciphers to protect a DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Oct 20 17:32:13.000413 osdx systemd-timedated[469289]: Changed local time to Mon 2025-10-20 17:32:13 UTC
Oct 20 17:32:13.002059 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'set date 2025-10-20 17:32:13'.
Oct 20 17:32:13.004420 osdx systemd-journald[222010]: Time jumped backwards, rotating.
Oct 20 17:32:13.335841 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:32:13.336425 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:32:13.336462 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:32:13.348564 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:32:13.578041 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 17:32:13.859397 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:13.935519 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:32:14.021248 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:32:14.088175 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:14.184500 osdx ubnt-cfgd[469317]: inactive
Oct 20 17:32:14.205330 osdx INFO[469325]: FRR daemons did not change
Oct 20 17:32:14.224445 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:32:14.299629 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:14.310950 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:14.349487 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:32:14.488132 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 20 17:32:14.684270 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:14.755505 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:32:14.870567 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:32:14.945774 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:32:15.052875 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:32:15.151471 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:32:15.210706 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 20 17:32:15.306003 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 20 17:32:15.392460 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:32:15.492595 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:32:15.578885 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:15.651367 osdx ubnt-cfgd[469486]: inactive
Oct 20 17:32:15.676095 osdx INFO[469494]: FRR daemons did not change
Oct 20 17:32:15.689302 osdx ca-certificates[469510]: Updating certificates in /etc/ssl/certs...
Oct 20 17:32:16.202096 osdx ubnt-cfgd[470508]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:32:16.210112 osdx ca-certificates[470513]: 1 added, 0 removed; done.
Oct 20 17:32:16.213161 osdx ca-certificates[470520]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:32:16.215845 osdx ca-certificates[470522]: done.
Oct 20 17:32:16.268706 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:32:16.269833 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:16.271868 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:16.288876 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:32:16.301850 osdx dnscrypt-proxy[470526]: dnscrypt-proxy 2.0.45
Oct 20 17:32:16.301914 osdx dnscrypt-proxy[470526]: Network connectivity detected
Oct 20 17:32:16.302105 osdx dnscrypt-proxy[470526]: Dropping privileges
Oct 20 17:32:16.304364 osdx dnscrypt-proxy[470526]: Network connectivity detected
Oct 20 17:32:16.304395 osdx dnscrypt-proxy[470526]: Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:32:16.304400 osdx dnscrypt-proxy[470526]: Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:32:16.304436 osdx dnscrypt-proxy[470526]: Firefox workaround initialized
Oct 20 17:32:16.304441 osdx dnscrypt-proxy[470526]: Loading the set of cloaking rules from [/tmp/tmp6dom4s1b]
Oct 20 17:32:16.305173 osdx dnscrypt-proxy[470526]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Oct 20 17:32:23.334048 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:32:23.335577 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:32:23.335650 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:32:23.344461 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:32:23.642049 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 17:32:23.874214 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:23.974222 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:32:24.060540 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:32:24.127814 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:24.223069 osdx ubnt-cfgd[472204]: inactive
Oct 20 17:32:24.247448 osdx INFO[472212]: FRR daemons did not change
Oct 20 17:32:24.267570 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:32:24.343175 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:24.355730 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:24.372326 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:32:24.507009 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 20 17:32:24.632753 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:24.694769 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:32:24.797646 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:32:24.863724 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:32:24.965135 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:32:25.029610 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:32:25.118539 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 20 17:32:25.201296 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 20 17:32:25.326110 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:32:25.385729 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:32:25.544381 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:25.624335 osdx ubnt-cfgd[472373]: inactive
Oct 20 17:32:25.644705 osdx INFO[472381]: FRR daemons did not change
Oct 20 17:32:25.656941 osdx ca-certificates[472397]: Updating certificates in /etc/ssl/certs...
Oct 20 17:32:26.132319 osdx ubnt-cfgd[473395]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:32:26.140495 osdx ca-certificates[473401]: 1 added, 0 removed; done.
Oct 20 17:32:26.143578 osdx ca-certificates[473407]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:32:26.146211 osdx ca-certificates[473409]: done.
Oct 20 17:32:26.203922 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:32:26.205346 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:26.207852 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:26.226316 osdx dnscrypt-proxy[473413]: dnscrypt-proxy 2.0.45
Oct 20 17:32:26.226385 osdx dnscrypt-proxy[473413]: Network connectivity detected
Oct 20 17:32:26.226574 osdx dnscrypt-proxy[473413]: Dropping privileges
Oct 20 17:32:26.228892 osdx dnscrypt-proxy[473413]: Network connectivity detected
Oct 20 17:32:26.228927 osdx dnscrypt-proxy[473413]: Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:32:26.228931 osdx dnscrypt-proxy[473413]: Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:32:26.228950 osdx dnscrypt-proxy[473413]: Firefox workaround initialized
Oct 20 17:32:26.228954 osdx dnscrypt-proxy[473413]: Loading the set of cloaking rules from [/tmp/tmpyeg8u8cs]
Oct 20 17:32:26.229824 osdx dnscrypt-proxy[473413]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 20 17:32:26.252009 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Oct 20 17:32:26.650589 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:32:26.651583 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:32:26.651638 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:32:26.663787 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:32:26.934756 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:27.006608 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'delete '.
Oct 20 17:32:27.083599 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 20 17:32:27.181156 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:27.248372 osdx ubnt-cfgd[473461]: inactive
Oct 20 17:32:27.274173 osdx dnscrypt-proxy[473413]: Stopped.
Oct 20 17:32:27.274259 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 20 17:32:27.275626 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 20 17:32:27.275755 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:32:27.346275 osdx ca-certificates[473547]: Clearing symlinks in /etc/ssl/certs...
Oct 20 17:32:27.624309 osdx ca-certificates[474117]: done.
Oct 20 17:32:27.628518 osdx ca-certificates[474126]: Updating certificates in /etc/ssl/certs...
Oct 20 17:32:28.091919 osdx ubnt-cfgd[474971]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:32:28.100775 osdx ca-certificates[474977]: 140 added, 0 removed; done.
Oct 20 17:32:28.103723 osdx ca-certificates[474983]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:32:28.106680 osdx ca-certificates[474985]: done.
Oct 20 17:32:28.122040 osdx INFO[474988]: FRR daemons did not change
Oct 20 17:32:28.122653 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:28.124902 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:28.148300 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:32:29.377412 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:29.441585 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:32:29.542374 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:32:29.610418 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:32:29.715877 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:32:29.818707 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:32:29.876419 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 20 17:32:29.976960 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 20 17:32:30.051156 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:32:30.138759 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:32:30.204007 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:30.306539 osdx ubnt-cfgd[475022]: inactive
Oct 20 17:32:30.328720 osdx INFO[475032]: FRR daemons did not change
Oct 20 17:32:30.340539 osdx ca-certificates[475048]: Updating certificates in /etc/ssl/certs...
Oct 20 17:32:30.806335 osdx ubnt-cfgd[476046]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:32:30.813906 osdx ca-certificates[476052]: 1 added, 0 removed; done.
Oct 20 17:32:30.816786 osdx ca-certificates[476058]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:32:30.820535 osdx ca-certificates[476060]: done.
Oct 20 17:32:30.839571 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:32:30.971921 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:32:30.973115 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:30.986643 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:30.997571 osdx dnscrypt-proxy[476170]: dnscrypt-proxy 2.0.45
Oct 20 17:32:30.997856 osdx dnscrypt-proxy[476170]: Network connectivity detected
Oct 20 17:32:30.998096 osdx dnscrypt-proxy[476170]: Dropping privileges
Oct 20 17:32:31.000179 osdx dnscrypt-proxy[476170]: Network connectivity detected
Oct 20 17:32:31.000213 osdx dnscrypt-proxy[476170]: Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:32:31.000219 osdx dnscrypt-proxy[476170]: Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:32:31.000244 osdx dnscrypt-proxy[476170]: Firefox workaround initialized
Oct 20 17:32:31.000249 osdx dnscrypt-proxy[476170]: Loading the set of cloaking rules from [/tmp/tmpeqxivb2n]
Oct 20 17:32:31.001191 osdx dnscrypt-proxy[476170]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 20 17:32:31.013695 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Oct 20 17:32:31.269956 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:32:31.271573 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:32:31.271645 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:32:31.280217 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:32:31.565063 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:31.626969 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'delete '.
Oct 20 17:32:31.741961 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 20 17:32:31.804248 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:31.904986 osdx ubnt-cfgd[476236]: inactive
Oct 20 17:32:31.926636 osdx dnscrypt-proxy[476170]: Stopped.
Oct 20 17:32:31.926717 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 20 17:32:31.927942 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 20 17:32:31.928057 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:32:32.001056 osdx ca-certificates[476322]: Clearing symlinks in /etc/ssl/certs...
Oct 20 17:32:32.272525 osdx ca-certificates[476892]: done.
Oct 20 17:32:32.275536 osdx ca-certificates[476901]: Updating certificates in /etc/ssl/certs...
Oct 20 17:32:32.711524 osdx ubnt-cfgd[477746]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:32:32.721654 osdx ca-certificates[477752]: 140 added, 0 removed; done.
Oct 20 17:32:32.725409 osdx ca-certificates[477758]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:32:32.728147 osdx ca-certificates[477760]: done.
Oct 20 17:32:32.743690 osdx INFO[477763]: FRR daemons did not change
Oct 20 17:32:32.743964 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:32.793291 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:32.835428 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:32:34.188369 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:34.248450 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:32:34.361914 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:32:34.439083 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:32:34.555423 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:32:34.665769 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:32:34.734059 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 20 17:32:34.790851 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 20 17:32:34.885594 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 20 17:32:34.974023 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:32:35.077113 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:32:35.146832 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:35.244870 osdx ubnt-cfgd[477800]: inactive
Oct 20 17:32:35.268659 osdx INFO[477810]: FRR daemons did not change
Oct 20 17:32:35.282006 osdx ca-certificates[477826]: Updating certificates in /etc/ssl/certs...
Oct 20 17:32:35.830924 osdx ubnt-cfgd[478824]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:32:35.838896 osdx ca-certificates[478829]: 1 added, 0 removed; done.
Oct 20 17:32:35.842844 osdx ca-certificates[478836]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:32:35.846835 osdx ca-certificates[478838]: done.
Oct 20 17:32:35.867574 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:32:36.000047 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:32:36.001521 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:36.015311 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:36.027228 osdx dnscrypt-proxy[478948]: dnscrypt-proxy 2.0.45
Oct 20 17:32:36.027310 osdx dnscrypt-proxy[478948]: Network connectivity detected
Oct 20 17:32:36.027541 osdx dnscrypt-proxy[478948]: Dropping privileges
Oct 20 17:32:36.030337 osdx dnscrypt-proxy[478948]: Network connectivity detected
Oct 20 17:32:36.030370 osdx dnscrypt-proxy[478948]: Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:32:36.030375 osdx dnscrypt-proxy[478948]: Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:32:36.030398 osdx dnscrypt-proxy[478948]: Firefox workaround initialized
Oct 20 17:32:36.030404 osdx dnscrypt-proxy[478948]: Loading the set of cloaking rules from [/tmp/tmpst9uc4fe]
Oct 20 17:32:36.031220 osdx dnscrypt-proxy[478948]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 20 17:32:36.033107 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Oct 20 17:32:43.295502 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:32:43.296222 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:32:43.296260 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:32:43.306268 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:32:43.531390 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 17:32:43.763258 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:43.838920 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:32:43.926613 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:32:43.989718 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:44.077867 osdx ubnt-cfgd[480645]: inactive
Oct 20 17:32:44.102857 osdx INFO[480653]: FRR daemons did not change
Oct 20 17:32:44.120233 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:32:44.194274 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:44.208199 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:44.234955 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:32:44.380182 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 20 17:32:44.577457 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:44.654233 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:32:44.733121 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:32:44.839069 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:32:44.897586 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:32:45.001575 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:32:45.061085 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 20 17:32:45.152782 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 20 17:32:45.208251 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 20 17:32:45.322368 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:32:45.378160 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:32:45.490932 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:45.561439 osdx ubnt-cfgd[480817]: inactive
Oct 20 17:32:45.583432 osdx INFO[480825]: FRR daemons did not change
Oct 20 17:32:45.595911 osdx ca-certificates[480840]: Updating certificates in /etc/ssl/certs...
Oct 20 17:32:46.148563 osdx ubnt-cfgd[481839]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:32:46.159637 osdx ca-certificates[481844]: 1 added, 0 removed; done.
Oct 20 17:32:46.163687 osdx ca-certificates[481851]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:32:46.166436 osdx ca-certificates[481853]: done.
Oct 20 17:32:46.252565 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:32:46.254301 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:46.256792 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:46.273561 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:32:46.273758 osdx dnscrypt-proxy[481857]: dnscrypt-proxy 2.0.45
Oct 20 17:32:46.273828 osdx dnscrypt-proxy[481857]: Network connectivity detected
Oct 20 17:32:46.274069 osdx dnscrypt-proxy[481857]: Dropping privileges
Oct 20 17:32:46.276198 osdx dnscrypt-proxy[481857]: Network connectivity detected
Oct 20 17:32:46.276236 osdx dnscrypt-proxy[481857]: Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:32:46.276240 osdx dnscrypt-proxy[481857]: Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:32:46.276263 osdx dnscrypt-proxy[481857]: Firefox workaround initialized
Oct 20 17:32:46.276267 osdx dnscrypt-proxy[481857]: Loading the set of cloaking rules from [/tmp/tmp3cibv8rq]
Oct 20 17:32:46.466533 osdx dnscrypt-proxy[481857]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 20 17:32:46.466557 osdx dnscrypt-proxy[481857]: [RD] OK (DoH) - rtt: 115ms
Oct 20 17:32:46.466567 osdx dnscrypt-proxy[481857]: Server with the lowest initial latency: RD (rtt: 115ms)
Oct 20 17:32:46.466573 osdx dnscrypt-proxy[481857]: dnscrypt-proxy is ready - live servers: 1
Oct 20 17:32:51.461383 osdx OSDxCLI[399276]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 20 17:32:53.538521 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
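The journal checks in these scenarios match either a decimal cipher-suite ID (49199, 49200) or the handshake-failure message. The following added example (not part of the original test suite or of OSDx) decodes those values and compares the negotiated suite with the configured cipher lines. The function names are hypothetical, the sample journal lines are copied from the output above, and reading the logged TLS version 303 as hexadecimal 0x0303 (TLS 1.2) is an assumption about the dnscrypt-proxy log format.

```python
import re

# IANA code points of the four suites configured on this page.
SUITE_NAMES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",  # 49200
}
# Suites the page's scenarios treat as invalid (the server refuses them).
PAGE_INVALID = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
# Assumption: the logged "TLS version" is hexadecimal, so 303 is 0x0303.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CIPHER_CFG = re.compile(r"^set service dns proxy cipher (\d+) algorithm (\S+)$")
PROXY_MSG = re.compile(r"dnscrypt-proxy\[(\d+)\]: (.*)$")
NEGOTIATED = re.compile(
    r"^\[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+) - "
    r"Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)$")
FAILURE = "TLS handshake failure"


def configured_ciphers(config_lines):
    """Return the configured suite names ordered by their cipher index."""
    found = []
    for line in config_lines:
        m = CIPHER_CFG.match(line.strip())
        if m:
            found.append((int(m.group(1)), m.group(2)))
    return [name for _, name in sorted(found)]


def handshake_events(journal_lines):
    """Extract negotiated-suite and handshake-failure events, in log order."""
    events = []
    for line in journal_lines:
        m = PROXY_MSG.search(line)
        if not m:
            continue  # not a dnscrypt-proxy message
        pid, msg = int(m.group(1)), m.group(2).strip()
        n = NEGOTIATED.match(msg)
        if n:
            code = int(n.group("suite"))
            events.append({
                "pid": pid, "status": "negotiated", "server": n.group("server"),
                "tls": TLS_VERSIONS.get(int(n.group("ver"), 16), "unknown"),
                "suite": SUITE_NAMES.get(code, "0x%04X" % code),
            })
        elif msg.startswith(FAILURE):
            events.append({"pid": pid, "status": "handshake_failure"})
    return events


def verdict(config_lines, journal_lines):
    """Judge the most recent handshake against the configured suites."""
    offered = configured_ciphers(config_lines)
    events = handshake_events(journal_lines)
    if not events:
        return {"result": "no_handshake_logged", "offered": offered}
    last = events[-1]  # the journal may hold earlier proxy runs; use the latest
    if last["status"] == "handshake_failure":
        # A refusal is the expected outcome only if every offered suite is invalid.
        expected = bool(offered) and all(s in PAGE_INVALID for s in offered)
        return {"result": "refused", "expected": expected, "offered": offered}
    suite = last["suite"]
    if suite not in offered:
        result = "unexpected_suite"       # negotiated outside the allow-list
    elif suite in PAGE_INVALID:
        result = "weak_suite_negotiated"  # server accepted a suite it should refuse
    else:
        result = "ok"
    return {"result": result, "suite": suite, "tls": last["tls"], "offered": offered}


# Sample input: cipher lines from the scenarios above and dnscrypt-proxy
# journal lines copied from the output shown on this page.
CONFIG_FALLBACK = [
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA",
    "set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
CONFIG_INVALID = [
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA",
    "set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]
JOURNAL_OK = [
    "Oct 20 17:32:46.276267 osdx dnscrypt-proxy[481857]: Loading the set of cloaking rules from [/tmp/tmp3cibv8rq]",
    "Oct 20 17:32:46.466533 osdx dnscrypt-proxy[481857]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199",
    "Oct 20 17:32:46.466557 osdx dnscrypt-proxy[481857]: [RD] OK (DoH) - rtt: 115ms",
]
JOURNAL_REFUSED = [
    "Oct 20 17:32:36.031220 osdx dnscrypt-proxy[478948]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file",
]

if __name__ == "__main__":
    print(verdict(CONFIG_FALLBACK, JOURNAL_OK))
    print(verdict(CONFIG_INVALID, JOURNAL_REFUSED))
```

A result of weak_suite_negotiated or unexpected_suite is the case the token check alone does not separate from a pass on a differently configured server, so it is worth alerting on in addition to the handshake-failure message.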
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Oct 20 17:32:53.739830 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:32:53.740275 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:32:53.740305 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:32:53.750262 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:32:54.070103 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:54.141617 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'delete '.
Oct 20 17:32:54.268883 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 20 17:32:54.341631 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:54.449937 osdx ubnt-cfgd[481912]: inactive
Oct 20 17:32:54.472422 osdx dnscrypt-proxy[481857]: Stopped.
Oct 20 17:32:54.472475 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 20 17:32:54.473202 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 20 17:32:54.473304 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:32:54.540574 osdx ca-certificates[481998]: Clearing symlinks in /etc/ssl/certs...
Oct 20 17:32:54.809296 osdx ca-certificates[482567]: done.
Oct 20 17:32:54.813042 osdx ca-certificates[482576]: Updating certificates in /etc/ssl/certs...
Oct 20 17:32:55.223936 osdx ubnt-cfgd[483422]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:32:55.232375 osdx ca-certificates[483428]: 140 added, 0 removed; done.
Oct 20 17:32:55.235151 osdx ca-certificates[483434]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:32:55.237856 osdx ca-certificates[483436]: done.
Oct 20 17:32:55.254689 osdx INFO[483439]: FRR daemons did not change
Oct 20 17:32:55.255113 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:55.257007 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:55.273546 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:32:56.509547 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:56.579680 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:32:56.672764 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:32:56.744831 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:32:56.828573 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:32:56.891044 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:32:56.990969 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 20 17:32:57.050475 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 20 17:32:57.146873 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 20 17:32:57.226587 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:32:57.306498 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:32:57.380552 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:57.493674 osdx ubnt-cfgd[483476]: inactive
Oct 20 17:32:57.517584 osdx INFO[483486]: FRR daemons did not change
Oct 20 17:32:57.529739 osdx ca-certificates[483501]: Updating certificates in /etc/ssl/certs...
Oct 20 17:32:58.029006 osdx ubnt-cfgd[484500]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:32:58.037124 osdx ca-certificates[484505]: 1 added, 0 removed; done.
Oct 20 17:32:58.040430 osdx ca-certificates[484512]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:32:58.043468 osdx ca-certificates[484514]: done.
Oct 20 17:32:58.064241 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:32:58.204580 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:32:58.205960 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:32:58.217387 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:32:58.226454 osdx dnscrypt-proxy[484624]: dnscrypt-proxy 2.0.45
Oct 20 17:32:58.226745 osdx dnscrypt-proxy[484624]: Network connectivity detected
Oct 20 17:32:58.226997 osdx dnscrypt-proxy[484624]: Dropping privileges
Oct 20 17:32:58.229025 osdx dnscrypt-proxy[484624]: Network connectivity detected
Oct 20 17:32:58.229203 osdx dnscrypt-proxy[484624]: Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:32:58.229236 osdx dnscrypt-proxy[484624]: Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:32:58.229279 osdx dnscrypt-proxy[484624]: Firefox workaround initialized
Oct 20 17:32:58.229305 osdx dnscrypt-proxy[484624]: Loading the set of cloaking rules from [/tmp/tmpl2shbd_x]
Oct 20 17:32:58.272842 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:32:58.397760 osdx dnscrypt-proxy[484624]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 20 17:32:58.397777 osdx dnscrypt-proxy[484624]: [RD] OK (DoH) - rtt: 108ms
Oct 20 17:32:58.397788 osdx dnscrypt-proxy[484624]: Server with the lowest initial latency: RD (rtt: 108ms)
Oct 20 17:32:58.397793 osdx dnscrypt-proxy[484624]: dnscrypt-proxy is ready - live servers: 1
Oct 20 17:32:58.445553 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Oct 20 17:32:58.748886 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:32:58.752229 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:32:58.752288 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:32:58.760454 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:32:59.025403 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:32:59.129639 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'delete '.
Oct 20 17:32:59.205757 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 20 17:32:59.304660 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:32:59.370158 osdx ubnt-cfgd[484694]: inactive
Oct 20 17:32:59.394797 osdx dnscrypt-proxy[484624]: Stopped.
Oct 20 17:32:59.394891 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 20 17:32:59.396005 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 20 17:32:59.396135 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:32:59.471535 osdx ca-certificates[484780]: Clearing symlinks in /etc/ssl/certs...
Oct 20 17:32:59.748068 osdx ca-certificates[485350]: done.
Oct 20 17:32:59.751046 osdx ca-certificates[485359]: Updating certificates in /etc/ssl/certs...
Oct 20 17:33:00.216659 osdx ubnt-cfgd[486204]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:33:00.224444 osdx ca-certificates[486209]: 140 added, 0 removed; done.
Oct 20 17:33:00.227308 osdx ca-certificates[486216]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:33:00.230928 osdx ca-certificates[486218]: done.
Oct 20 17:33:00.249487 osdx INFO[486221]: FRR daemons did not change
Oct 20 17:33:00.250000 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:33:00.271951 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:33:00.289625 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:33:01.637905 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:33:01.734910 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:33:01.798278 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:33:01.938456 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:33:01.997312 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:33:02.144532 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:33:02.218025 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 20 17:33:02.324938 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 20 17:33:02.389683 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 20 17:33:02.500518 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:33:02.557372 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:33:02.721242 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:33:02.845870 osdx ubnt-cfgd[486261]: inactive
Oct 20 17:33:02.874068 osdx INFO[486271]: FRR daemons did not change
Oct 20 17:33:02.887797 osdx ca-certificates[486287]: Updating certificates in /etc/ssl/certs...
Oct 20 17:33:03.440373 osdx ubnt-cfgd[487285]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:33:03.449007 osdx ca-certificates[487291]: 1 added, 0 removed; done.
Oct 20 17:33:03.452503 osdx ca-certificates[487297]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:33:03.456582 osdx ca-certificates[487299]: done.
Oct 20 17:33:03.476227 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:33:03.616526 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:33:03.618270 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:33:03.629318 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:33:03.647868 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:33:03.648867 osdx dnscrypt-proxy[487409]: dnscrypt-proxy 2.0.45
Oct 20 17:33:03.648925 osdx dnscrypt-proxy[487409]: Network connectivity detected
Oct 20 17:33:03.649117 osdx dnscrypt-proxy[487409]: Dropping privileges
Oct 20 17:33:03.651508 osdx dnscrypt-proxy[487409]: Network connectivity detected
Oct 20 17:33:03.651543 osdx dnscrypt-proxy[487409]: Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:33:03.651548 osdx dnscrypt-proxy[487409]: Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:33:03.651578 osdx dnscrypt-proxy[487409]: Firefox workaround initialized
Oct 20 17:33:03.651583 osdx dnscrypt-proxy[487409]: Loading the set of cloaking rules from [/tmp/tmprlvdh_vv]
Oct 20 17:33:03.830301 osdx dnscrypt-proxy[487409]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 20 17:33:03.830314 osdx dnscrypt-proxy[487409]: [RD] OK (DoH) - rtt: 113ms
Oct 20 17:33:03.830320 osdx dnscrypt-proxy[487409]: Server with the lowest initial latency: RD (rtt: 113ms)
Oct 20 17:33:03.830325 osdx dnscrypt-proxy[487409]: dnscrypt-proxy is ready - live servers: 1
Oct 20 17:33:08.808610 osdx OSDxCLI[399276]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 20 17:33:10.911144 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Oct 20 17:33:11.134591 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:33:11.136230 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:33:11.136309 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:33:11.147200 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:33:11.489497 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:33:11.566805 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'delete '.
Oct 20 17:33:11.705881 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 20 17:33:11.773148 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:33:11.871306 osdx ubnt-cfgd[487485]: inactive
Oct 20 17:33:11.891181 osdx dnscrypt-proxy[487409]: Stopped.
Oct 20 17:33:11.891255 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 20 17:33:11.892331 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 20 17:33:11.892437 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:33:11.964001 osdx ca-certificates[487571]: Clearing symlinks in /etc/ssl/certs...
Oct 20 17:33:12.219518 osdx ca-certificates[488140]: done.
Oct 20 17:33:12.222476 osdx ca-certificates[488150]: Updating certificates in /etc/ssl/certs...
Oct 20 17:33:12.674438 osdx ubnt-cfgd[488995]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:33:12.682746 osdx ca-certificates[489000]: 140 added, 0 removed; done.
Oct 20 17:33:12.686588 osdx ca-certificates[489007]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:33:12.689380 osdx ca-certificates[489009]: done.
Oct 20 17:33:12.704546 osdx INFO[489012]: FRR daemons did not change
Oct 20 17:33:12.705047 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:33:12.763264 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:33:12.781004 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:33:13.031030 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Oct 20 17:33:14.089574 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:33:14.153391 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:33:14.277752 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:33:14.341815 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:33:14.445571 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:33:14.549144 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:33:14.607330 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 20 17:33:14.709310 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 20 17:33:14.765785 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 20 17:33:14.882173 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:33:14.938281 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:33:15.050057 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:33:15.119023 osdx ubnt-cfgd[489051]: inactive
Oct 20 17:33:15.142418 osdx INFO[489061]: FRR daemons did not change
Oct 20 17:33:15.156197 osdx ca-certificates[489077]: Updating certificates in /etc/ssl/certs...
Oct 20 17:33:15.617293 osdx ubnt-cfgd[490075]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:33:15.625057 osdx ca-certificates[490081]: 1 added, 0 removed; done.
Oct 20 17:33:15.627834 osdx ca-certificates[490087]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:33:15.630530 osdx ca-certificates[490089]: done.
Oct 20 17:33:15.648234 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:33:15.788581 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:33:15.789923 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:33:15.801697 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:33:15.815607 osdx dnscrypt-proxy[490199]: dnscrypt-proxy 2.0.45
Oct 20 17:33:15.815905 osdx dnscrypt-proxy[490199]: Network connectivity detected
Oct 20 17:33:15.816147 osdx dnscrypt-proxy[490199]: Dropping privileges
Oct 20 17:33:15.818444 osdx dnscrypt-proxy[490199]: Network connectivity detected
Oct 20 17:33:15.818653 osdx dnscrypt-proxy[490199]: Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:33:15.818658 osdx dnscrypt-proxy[490199]: Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:33:15.818682 osdx dnscrypt-proxy[490199]: Firefox workaround initialized
Oct 20 17:33:15.818687 osdx dnscrypt-proxy[490199]: Loading the set of cloaking rules from [/tmp/tmpj_6f4_0f]
Oct 20 17:33:15.820371 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:33:16.010497 osdx dnscrypt-proxy[490199]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 20 17:33:16.010513 osdx dnscrypt-proxy[490199]: [RD] OK (DoH) - rtt: 119ms
Oct 20 17:33:16.010523 osdx dnscrypt-proxy[490199]: Server with the lowest initial latency: RD (rtt: 119ms)
Oct 20 17:33:16.010529 osdx dnscrypt-proxy[490199]: dnscrypt-proxy is ready - live servers: 1
Oct 20 17:33:20.981671 osdx OSDxCLI[399276]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 20 17:33:23.082037 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Oct 20 17:33:23.292552 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:33:23.296229 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:33:23.296291 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:33:23.302182 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:33:23.588874 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:33:23.700806 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'delete '.
Oct 20 17:33:23.797989 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 20 17:33:23.862292 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:33:23.982776 osdx ubnt-cfgd[490274]: inactive
Oct 20 17:33:24.004380 osdx dnscrypt-proxy[490199]: Stopped.
Oct 20 17:33:24.004446 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 20 17:33:24.005486 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 20 17:33:24.005595 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:33:24.077446 osdx ca-certificates[490360]: Clearing symlinks in /etc/ssl/certs...
Oct 20 17:33:24.342599 osdx ca-certificates[490930]: done.
Oct 20 17:33:24.345538 osdx ca-certificates[490939]: Updating certificates in /etc/ssl/certs...
Oct 20 17:33:24.787102 osdx ubnt-cfgd[491784]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:33:24.796347 osdx ca-certificates[491790]: 140 added, 0 removed; done.
Oct 20 17:33:24.799235 osdx ca-certificates[491796]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:33:24.802137 osdx ca-certificates[491798]: done.
Oct 20 17:33:24.819982 osdx INFO[491801]: FRR daemons did not change
Oct 20 17:33:24.820585 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:33:24.822741 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:33:24.839217 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:33:26.075393 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:33:26.134337 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:33:26.236675 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:33:26.300915 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:33:26.398445 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:33:26.458822 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:33:26.560235 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 20 17:33:26.619982 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 20 17:33:26.712551 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 20 17:33:26.789817 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:33:26.873598 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:33:26.940838 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:33:27.039894 osdx ubnt-cfgd[491839]: inactive
Oct 20 17:33:27.064297 osdx INFO[491849]: FRR daemons did not change
Oct 20 17:33:27.078302 osdx ca-certificates[491865]: Updating certificates in /etc/ssl/certs...
Oct 20 17:33:27.578107 osdx ubnt-cfgd[492863]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:33:27.587274 osdx ca-certificates[492869]: 1 added, 0 removed; done.
Oct 20 17:33:27.590324 osdx ca-certificates[492875]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:33:27.593375 osdx ca-certificates[492877]: done.
Oct 20 17:33:27.612238 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:33:27.760529 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:33:27.761645 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:33:27.772904 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:33:27.782499 osdx dnscrypt-proxy[492987]: dnscrypt-proxy 2.0.45
Oct 20 17:33:27.782830 osdx dnscrypt-proxy[492987]: Network connectivity detected
Oct 20 17:33:27.783071 osdx dnscrypt-proxy[492987]: Dropping privileges
Oct 20 17:33:27.785399 osdx dnscrypt-proxy[492987]: Network connectivity detected
Oct 20 17:33:27.785626 osdx dnscrypt-proxy[492987]: Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:33:27.785660 osdx dnscrypt-proxy[492987]: Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:33:27.785704 osdx dnscrypt-proxy[492987]: Firefox workaround initialized
Oct 20 17:33:27.785729 osdx dnscrypt-proxy[492987]: Loading the set of cloaking rules from [/tmp/tmpgt3oh7m_]
Oct 20 17:33:27.790380 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:33:27.955111 osdx dnscrypt-proxy[492987]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 20 17:33:27.955127 osdx dnscrypt-proxy[492987]: [RD] OK (DoH) - rtt: 102ms
Oct 20 17:33:27.955136 osdx dnscrypt-proxy[492987]: Server with the lowest initial latency: RD (rtt: 102ms)
Oct 20 17:33:27.955141 osdx dnscrypt-proxy[492987]: dnscrypt-proxy is ready - live servers: 1
Oct 20 17:33:32.949522 osdx OSDxCLI[399276]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 20 17:33:35.037094 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
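The Step 3 check used in the examples above, written out as an added Python example (it is not part of the original test suite or of OSDx): it decodes the numeric "Cipher suite" value in the dnscrypt-proxy journal line and reports whether the negotiated suite is one of the configured ones and whether it is an RC4 or 3DES suite. Assumptions: the numeric IDs are the IANA code points of the suites named in the configurations, the "TLS version" field is hexadecimal (303 = 0x0303, TLS 1.2), and the function names, verdict labels and the constructed journal lines are hypothetical.

```python
"""Audit dnscrypt-proxy handshake lines against the configured cipher list."""
import re

# IANA code points of the five suites named in this page's configurations.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# Assumption: the "TLS version" field is printed in hexadecimal.
TLS_VERSIONS = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

# Matches both one-command-per-line and flattened configuration text.
CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
LOG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-f]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)


def is_weak(name):
    """RC4 and 3DES suites are treated as weak in this example."""
    return "_RC4_" in name or "_3DES_" in name


def configured_ciphers(config_text):
    """Return the configured suite names ordered by their cipher index."""
    pairs = {int(index): name for index, name in CFG_RE.findall(config_text)}
    return [pairs[index] for index in sorted(pairs)]


def audit(config_text, journal_text):
    """Return one result dict per handshake line found in the journal."""
    allowed = configured_ciphers(config_text)
    results = []
    for match in LOG_RE.finditer(journal_text):
        suite_id = int(match["suite"])
        name = IANA_SUITES.get(suite_id)
        if name is None:
            verdict = "unknown-id"      # ID not in the table above
        elif name not in allowed:
            verdict = "not-configured"  # negotiated outside the cipher list
        elif is_weak(name):
            verdict = "weak"            # configured, but RC4 or 3DES
        else:
            verdict = "ok"
        version = int(match["ver"], 16)
        results.append({
            "server": match["server"],
            "tls": TLS_VERSIONS.get(version, hex(version)),
            "suite_id": suite_id,
            "suite": name,
            "verdict": verdict,
        })
    return results


# Cipher lines of Example 4's configuration, flattened as on the page.
CONFIG_EXAMPLE_4 = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA "
    "set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
)
# Two journal lines copied from Example 4's output.
JOURNAL_EXAMPLE_4 = (
    "Oct 20 17:33:16.010497 osdx dnscrypt-proxy[490199]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 49199\n"
    "Oct 20 17:33:16.010513 osdx dnscrypt-proxy[490199]: [RD] OK (DoH) - rtt: 119ms\n"
)
# Constructed lines (not from the page) that exercise the failure verdicts.
CONSTRUCTED_JOURNAL = (
    "Oct 20 00:00:01.000000 osdx dnscrypt-proxy[1]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 10\n"
    "Oct 20 00:00:02.000000 osdx dnscrypt-proxy[1]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 52392\n"
    "Oct 20 00:00:03.000000 osdx dnscrypt-proxy[1]: [RD] TLS version: 304"
    " - Protocol: h2 - Cipher suite: 4865\n"
)

if __name__ == "__main__":
    for label, journal in (("page", JOURNAL_EXAMPLE_4),
                           ("constructed", CONSTRUCTED_JOURNAL)):
        for row in audit(CONFIG_EXAMPLE_4, journal):
            print(label, row)
```
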
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Oct 20 17:33:35.253117 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free. Oct 20 17:33:35.256233 osdx systemd-journald[222010]: Received client request to rotate journal, rotating. Oct 20 17:33:35.256277 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de. Oct 20 17:33:35.262632 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'. Oct 20 17:33:35.563544 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu. Oct 20 17:33:35.632015 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'delete '. Oct 20 17:33:35.748244 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 20 17:33:35.807826 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'. Oct 20 17:33:35.915256 osdx ubnt-cfgd[493063]: inactive Oct 20 17:33:35.935823 osdx dnscrypt-proxy[492987]: Stopped. Oct 20 17:33:35.935824 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Oct 20 17:33:35.936998 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Oct 20 17:33:35.937105 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Oct 20 17:33:36.010111 osdx ca-certificates[493148]: Clearing symlinks in /etc/ssl/certs... Oct 20 17:33:36.280137 osdx ca-certificates[493719]: done. Oct 20 17:33:36.283807 osdx ca-certificates[493731]: Updating certificates in /etc/ssl/certs... Oct 20 17:33:36.736792 osdx ubnt-cfgd[494573]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Oct 20 17:33:36.744956 osdx ca-certificates[494580]: 140 added, 0 removed; done. 
Oct 20 17:33:36.747879 osdx ca-certificates[494585]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:33:36.750717 osdx ca-certificates[494587]: done.
Oct 20 17:33:36.765355 osdx INFO[494590]: FRR daemons did not change
Oct 20 17:33:36.765595 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:33:36.814775 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:33:36.833967 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:33:38.119008 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:33:38.187856 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:33:38.281381 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:33:38.362227 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:33:38.454174 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:33:38.513729 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:33:38.615069 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 20 17:33:38.681030 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 20 17:33:38.773797 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 20 17:33:38.847242 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:33:38.934473 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:33:39.001009 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:33:39.102185 osdx ubnt-cfgd[494627]: inactive
Oct 20 17:33:39.124314 osdx INFO[494637]: FRR daemons did not change
Oct 20 17:33:39.135843 osdx ca-certificates[494653]: Updating certificates in /etc/ssl/certs...
Oct 20 17:33:39.634922 osdx ubnt-cfgd[495651]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:33:39.643225 osdx ca-certificates[495657]: 1 added, 0 removed; done.
Oct 20 17:33:39.646114 osdx ca-certificates[495663]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:33:39.648858 osdx ca-certificates[495665]: done.
Oct 20 17:33:39.668227 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:33:39.816518 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:33:39.818058 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:33:39.830206 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:33:39.848734 osdx dnscrypt-proxy[495775]: dnscrypt-proxy 2.0.45
Oct 20 17:33:39.848790 osdx dnscrypt-proxy[495775]: Network connectivity detected
Oct 20 17:33:39.848999 osdx dnscrypt-proxy[495775]: Dropping privileges
Oct 20 17:33:39.851339 osdx dnscrypt-proxy[495775]: Network connectivity detected
Oct 20 17:33:39.851372 osdx dnscrypt-proxy[495775]: Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:33:39.851376 osdx dnscrypt-proxy[495775]: Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:33:39.851400 osdx dnscrypt-proxy[495775]: Firefox workaround initialized
Oct 20 17:33:39.851404 osdx dnscrypt-proxy[495775]: Loading the set of cloaking rules from [/tmp/tmp9dceek8r]
Oct 20 17:33:39.856146 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:33:40.220769 osdx dnscrypt-proxy[495775]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 20 17:33:40.220784 osdx dnscrypt-proxy[495775]: [RD] OK (DoH) - rtt: 101ms
Oct 20 17:33:40.220791 osdx dnscrypt-proxy[495775]: Server with the lowest initial latency: RD (rtt: 101ms)
Oct 20 17:33:40.220796 osdx dnscrypt-proxy[495775]: dnscrypt-proxy is ready - live servers: 1
Oct 20 17:33:45.017823 osdx OSDxCLI[399276]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 20 17:33:47.107900 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
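The token checked in Step 3 is a decimal cipher-suite code point. The following Python, added here as an example and not part of the test suite or of OSDx, decodes that value to its IANA name and checks it against the cipher entries configured in the same journal. The function and variable names are hypothetical, and reading the "TLS version" field as hexadecimal is an assumption.

```python
import re

# IANA TLS cipher suite code points for the three suites named on this page.
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# Assumption: the "TLS version" field is the protocol version printed in hex.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher \d+ algorithm (\w+)")
NEG_RE = re.compile(
    r"\[(\S+)\] TLS version: ([0-9a-fA-F]+) - Protocol: (\S+) - Cipher suite: (\d+)")

# Excerpt of the journal shown above (three of its entries).
SAMPLE_JOURNAL = """\
Oct 20 17:33:38.615069 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 20 17:33:38.681030 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 20 17:33:40.220769 osdx dnscrypt-proxy[495775]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""

def audit_journal(journal):
    """Decode every negotiated DoH session and compare it with the configured ciphers."""
    configured = set(CFG_RE.findall(journal))
    findings = []
    for server, version_hex, alpn, suite_dec in NEG_RE.findall(journal):
        suite_id = int(suite_dec)
        name = IANA_SUITES.get(suite_id, "unknown")
        findings.append({
            "server": server,
            "tls_version": TLS_VERSIONS.get(int(version_hex, 16), "unknown"),
            "alpn": alpn,
            "suite_hex": f"0x{suite_id:04X}",
            "suite_name": name,
            # False means the session used a suite outside the configured list.
            "configured": name in configured,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_journal(SAMPLE_JOURNAL):
        print(finding)
```

For this journal the decoded session is TLS 1.2 with TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (cipher 2 in the configuration), not the 3DES suite configured as cipher 1.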